Versions Compared

Old Version 50

changes.mady.by.user Viktor Kisko

Saved on

compared with

New Version 51

changes.mady.by.user Viktor Kisko

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Reverted from v. 49

...

client_id(required): Must be set to identifier of the client that was obtained during client registration.

scope (optional) (the same as in scope description above).

Access code Response

The response to the POST request is a JSON object (MIME type "application/json") like this:

{
    "access_token": "3e8ec1a3d43c983b57df0616b498c04807b466e919999aa0f3f3aabca1dd48cc",
    "token_type": "Bearer",
    "expires_in": "14400"
}

Client Credentials Grant flow

: The scope of the resources that the access token should provide access to. Possible values are:

  • "none": The default, single sign on only, no access to data

  • "person: Manage person records

  • "group": Manage groups

  • "document": Manage documents and reviews

  • "workflow": Manage tasks and workflows

  • "crs": Manage studies in CRS

  • "crso": Manage studies in CRSO

  • "linked_data": Access to linked data resources

  • "all": Manage any resource type

Access code Response

The response to the POST request is a JSON object (MIME type "application/json") like this:

{
    "access_token": "3e8ec1a3d43c983b57df0616b498c04807b466e919999aa0f3f3aabca1dd48cc",
    "token_type": "Bearer",
    "expires_in": "14400"
}

Client Credentials Grant flow

The client credentials flow allows a confidential client (server) to obtain an access token server-to-server without involving an end The client credentials flow allows a confidential client (server) to obtain an access token server-to-server without involving an end user. Before this flow is used, an Keycloak user must be associated with the client. The access token obtained with this flow will be associated with the user and the user's permissions.

The server makes a POST request to the token endpoint with the following parameters included ("application/x-www-form-urlencoded" format):

grant_type (required): Must be set to "client_credentials" for this flow.

...

parameters included ("application/x-www-form-urlencoded" format):

grant_type (required): Must be set to "client_credentials" for this flow.

scope (optional): The scope of the resources that the access token should provide access to. Possible values are:

  • "none": The default, single sign on only, no access to data

  • "person: Manage person records

  • "group": Manage groups

  • "document": Manage documents and reviews

  • "workflow": Manage tasks and workflows

  • "crs": Manage studies in CRS

  • "crso": Manage studies in CRSO

  • "linked_data": Access to linked data resources

  • "all": Manage any resource type

Multiple scopes can be provided as a space separated list, e.g. "person document", but "all" or "none" must stand alone. If no scope is specified, "none" is used (note: the default is not all scopes registered with the client). Only scopes registered with the client are allowed. 

...